ANDROID: mnt: Fix null pointer dereference (cbfbd9e9) · Commits · e / devices / android_kernel_fairphone_FP5

fs/namespace.c

+7 −3

Original line number	Diff line number	Diff line
		@@ -956,9 +956,11 @@ static struct mount skip_mnt_tree(struct mount p)
		struct vfsmount vfs_create_mount(struct fs_context fc)
		{
		struct mount *mnt;
		struct super_block *sb;

		if (!fc->root)
		return ERR_PTR(-EINVAL);
		sb = fc->root->d_sb;

		mnt = alloc_vfsmnt(fc->source ?: "none");
		if (!mnt)
		@@ -971,7 +973,8 @@ struct vfsmount vfs_create_mount(struct fs_context fc)
		free_vfsmnt(mnt);
		return ERR_PTR(-ENOMEM);
		}
		fc->root->d_sb->s_op->update_mnt_data(mnt->mnt.data, fc);
		if (sb->s_op->update_mnt_data)
		sb->s_op->update_mnt_data(mnt->mnt.data, fc);
		}
		if (fc->sb_flags & SB_KERNMOUNT)
		mnt->mnt.mnt_flags = MNT_INTERNAL;
		@@ -2550,7 +2553,7 @@ static int do_remount(struct path *path, int ms_flags, int sb_flags,
		err = -EPERM;
		if (ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) {
		err = reconfigure_super(fc);
		if (!err) {
		if (!err && sb->s_op->update_mnt_data) {
		sb->s_op->update_mnt_data(mnt->mnt.data, fc);
		set_mount_attributes(mnt, mnt_flags);
		namespace_lock();
		@@ -2558,7 +2561,8 @@ static int do_remount(struct path *path, int ms_flags, int sb_flags,
		propagate_remount(mnt);
		unlock_mount_hash();
		namespace_unlock();
		}
		} else if (!err)
		set_mount_attributes(mnt, mnt_flags);
		}
		up_write(&sb->s_umount);
		}